Re: How secure is VPN access?

For risks that occur in a real-world VPN scenario, either because of 
unrestricted access to authenticated VPN users, or mis-configuration of 
the VPN box itself, you could check a sample report prepared by our 
team, of a VPN pen-test we carried out. It can be downloaded from:
http://www.nii.co.in/services/pentestreport.pdf

Cheers,

--
K. K. Mookhey
Founder & CTO
Network Intelligence (I) Pvt. Ltd.
Web: www.nii.co.in
Tel: +91-22-22001530/22006019
------------------------------------
Comprehensive Security Assessment Software
http://www.nii.co.in/products.html
------------------------------------

>>
>>The CIO wants us to only allow users to access the network from
>>company laptops, not from their own home computers.  We currently will
>>allow users to install the VPN client software on their home computers
>>to connect remotely, or they can use Citrix through SSL access to get
>>to network resources.  His concern is that if a users home PC is
>>compromised, that compromise can spread to our network.
>>
>>Is this a legitimate concern?  Can anyone point me in the direction of
>>some documentation backing either argument?
>>
>
>
> Think about what VPN is. It's simply a way to cheaply and securely
> connect remote sites. That's it. Once you're connected, you're
> basically on the LAN. So any infection, viruses, etc. can be
> transmitted just as easily (unless you've got a VLAN with further
> firewalling between the two).
>
> So, yes, letting users work from their personal systems *is* a
> security risk, but there are ways to reduce that vulnerability.
>
>